» extension.exe
Overview
Analysis
File Details

extension.exe

SoGe Interactive LLC

This is part of the Babylon web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application extension.exe by SoGe Interactive has been detected as adware by 11 anti-malware scanners. This will display context specific advertisements in the browser as well as attempt to modify the browser's search provider. It is also typically executed from the user's temporary directory.

File name:

extension.exe

Publisher:

SoGe Interactive LLC (signed and verified)

MD5:

6791b8f29479de8fe267208aa12f67ac

SHA-1:

1520c8cd9db6cadde1cb942d026dfdca6ed66473

SHA-256:

ac8e4fd083f9429affa9d99a7b3fb102a06328a85f0c28aa128b1524e6903f20

Scanner detections:

11 / 68

Status:

Adware

Analysis date:

4/18/2024 3:30:14 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:PUP-gen [PUP]

2014.9-151029

AVG

Skodna.Generic

2016.0.2942

Bkav FE

W32.Clod3e2.Trojan

1.3.0.4613

Comodo Security

UnclassifiedMalware

17527

Dr.Web

Adware.Downware.118

9.0.1.0302

ESET NOD32

Win32/SoGeInstaller (variant)

9.9233

Fortinet FortiGate

W32/Torpore.AUN!tr

10/29/2015

Malwarebytes

PUP.Soge

v2015.10.29.08

McAfee

Artemis!6791B8F29479

5600.6598

Reason Heuristics

PUP.Babylon.SoGeInteractive (M)

15.10.29.8

Trend Micro House Call

HV_TORPORE_CA2243D9.TOMC

7.2.302

File size:

449.8 KB (460,624 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\extension.exe

Digital Signature

Signed by:

SoGe Interactive LLC

Authority:

VeriSign, Inc.

Valid from:

12/3/2010 6:00:00 PM

Valid to:

12/3/2012 5:59:59 PM

Subject:

CN=SoGe Interactive LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=SoGe Interactive LLC, L=Las Vegas, S=Nevada, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

37A37FA84B2105ECF3AE65698875268D

File PE Metadata

Compilation timestamp:

11/8/2011 5:47:52 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

5.0

CTPH (ssdeep):

12288:Zmz9UIKoZfP5AgTM9L1Vu7KBWAWpgGtVou0qVTCYZ:xgPTTM9xC/dpgoGuXgm

Entry address:

0x13CB70

Entry point:

60, BE, 00, 30, 4D, 00, 8D, BE, 00, E0, F2, FF, C7, 87, 7C, EB, 0D, 00, D1, 03, 50, D4, 57, EB, 11, 90, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46... 
[+]

Entropy:

7.8713 (probably packed)

Code size:

424 KB (434,176 bytes)

Remove extension.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.